BolehVPN’s credit card cutoff highlights privacy, payment issues

• VPN provider trying to reinstate facilities for over a year, refused by processing bank
• Among reasons cited was that it allows users to bypass government censorship

VIRTUAL private network (VPN) service provider BolehVPN, which had its credit card pay processing facility revoked by its processing bank last year has been trying since then have its reinstated, to no avail.
 
The processing bank cited concerns that BolehVPN allows the bypassing of “government censorship” as the reason for the revocation, according to MOLPay, which provides credit card processing to the VPN provider.
 
BolehVPN‘s Reuben Yap said his company had credit card payments processing via MOLPay for about two years or so until the plug was pulled some time last year.
 
“There was a huge request of documents [from the processing bank] then from all vendors, and we didn't make the cut,” he told Digital News Asia (DNA) via email.
 
BolehVPN works with MOLPay as its payment provider, and does not deal directly with the processing bank involved in facilitating the transactions.
 
Its frustration over the matter led BolehVPN to post a blog entry on its website detailing the experience, outlining a series of communications between the company and MOLPay seeking clarity on what exactly disqualified BolehVPN from being accepted as a merchant.
 
In that blog post, BolehVPN noted that it was a longstanding customer of repute with credit card processing currently already being handled by PayPal.
 
It also argued that its “business model, from a risk perspective, is the same as webhosting/ server-hosting services which are accepted businesses by supporting banks.”
 
The final piece of communications, and what prompted the blog post, was a statement that said the processing bank was "not to accept merchants which have [the] facility/ capability to overcome government censorship."
 
Asked about the impact of losing this facility on its business, BolehVPN’s Yap said it was “a big blow.”
 
“We have been very patient with the matter (for a year) and had cooperated with all the document requests from MOLPay’s supporting bank, including some rather interesting requests such as a ‘photograph of your workstation.’
 
“MOLPay has been supportive and has tried its best to negotiate with the supporting bank's officers, but has been unsuccessful,” he said.
 
“I don't blame the banks for being cautious in their approach, and indeed PayPal too at one time cracked down on VPN providers, seeing them as facilitators of illegal activities,” said Yap.
 
However, the given reason of “enabling the bypass of government censorship” remains of particular concern, especially given the fact that the MSC Malaysia Bill of Guarantees states that the Internet will not be censored in Malaysia.
 
“Some may comment that, if you're not doing anything wrong, why would you hide?” Yap said.
 
“Privacy should not be mistaken for illegality. An analogy I use is, would you like someone peeping into your living room whenever they liked it even though you weren't doing anything wrong?
 
“Similarly, a lot of our communications or your site visit history can be misused and misinterpreted if taken out of context, including our private financial data. VPNs can and do protect your Internet use from these sort of things,” he added.
 
He said that it was worth noting that a VPN is not required to bypass Internet censorship in Malaysia, pointing out that it's just a matter of changing one’s DNS (Domain Name System) to a public DNS provider such as Google DNS or OpenDNS, which is pretty simple and not banned in the country.
 
“The censorship we are aiming more at is that against more repressive government regimes such as China or the Middle East, and we are outside their legal jurisdiction where even social media, blogs and YouTube are blocked.
 
“They implement advanced firewall systems that would lock down any unapproved content unless you were using a VPN, and even then lately there's been an arms race between VPNs and their systems,” he added.
 
According to Yap, VPNs are a privacy tool much like the Internet is a tool, with users free to do what they want on it.
 
“Let us not forget that at one time when the Internet was still relatively new, and before the advent of … Google and Facebook, it was also a haven for people seeking anonymity and privacy in their lives,” he said.
 
The middleman dilemma
 
Contacted over BolehVPN’s case, MOLPay chief executive officer Eng Sheng Guan (pic) admitted the issues currently being faced over the service provider’s application and appeal.
 
“We want their business but we have no control on the approval of the merchant. It is the acquiring bank’s decision. In fact, we are still processing BolehVPN’s Internet banking transactions,” he said.
 
Eng said that according to MasterCard guidelines, BolehVPN’s business falls under the Merchant Category Code (MCC) of 4816, which can only be processed by a high-risk payment facilitator – which MOLPay is not.
 
“Therefore, we cannot process them; however, they may go directly to the bank,” he said.
 
Eng said that such cases seldom arise, with termination of merchants usually only related to global branding decisions.
 
“After the revised guidelines were enforced in early 2013, we wouldn’t acquire high-risk merchants for credit card facilities in the first place either,” he said.
 
Asked about MOLPay’s standard operating procedure with merchants that run afoul of the guidelines, Eng said that it “might lead to immediate termination of credit card acceptance.”
 
 
“We try to delay the closure of the credit card channel as much as possible to allow the merchant to seek alternatives such as banks. Again, the right of closure of the credit card acceptance remains with the acquiring bank,” he said.
 
Eng admitted that the ‘government censorship’ issue did come into picture after MOLPay tried to appeal on behalf of BolehVPN to have the credit card channel reinstated, but stressed that the final decision still lies with the acquiring bank, declining to disclose further details.
 
Banks vs VPN providers
 
This is not the first time VPN providers have gone head-to-head with banks over the nature of their business.
 
In July 2013, popular Swedish payment service provider Payson received an email stating that VPN services are no longer allowed to accept Visa and MasterCard payments due to a recent policy change.
 
In a report by TorrentFreak, iPredator VPN, launched by Pirate Bay cofounder Peter Sunde and friends, was named as one of the affected customers.
 
Sunde told TorrentFreak that he was baffled by the decision, which he believes may be an effort to prevent the public from covering their tracks online to prevent government spying.
 
“It means that US companies are forcing non-American companies not to allow people to protect their privacy and be anonymous, and thus the NSA (the US National Security Agency) can spy even more. It’s just insane,” he added.
 
Sunde saw it as an outrage that MasterCard and Visa have apparently decided to ban a perfectly legal technology.
 
“For iPredator there are always other payment methods, like Bitcoin, but it’s insane to censor a totally legit system that is there to avoid censorship and surveillance,” he said.
 
Follow-ups by the copyright, privacy and filesharing news site saw MasterCard and Visa Europe denying responsibility for the move on Payson’s part, and pointed to the decision as an issue raised by the acquiring bank.
 
The site had been tracking developments following the introduction of restrictions against file-sharing services and noted that these policies appeared to have carried over to VPN providers and other anonymising services.
 
Next Page: Payment services and the privacy issue